From 50e0ca7f9d791f8e98b02c5a63ee79a932051b4b Mon Sep 17 00:00:00 2001
From: Mark Story
Date: Sun, 5 Apr 2020 00:25:09 -0400
Subject: [PATCH] Add TLS 1.3 support to CakeSocket
Fixes #14422
---
 lib/Cake/Network/CakeSocket.php | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/lib/Cake/Network/CakeSocket.php b/lib/Cake/Network/CakeSocket.php
index a4c472fea..7b159ab0c 100644
--- a/lib/Cake/Network/CakeSocket.php
+++ b/lib/Cake/Network/CakeSocket.php
@@ -9,11 +9,11 @@
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
- * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- * @link https://cakephp.org CakePHP(tm) Project
- * @package Cake.Network
- * @since CakePHP(tm) v 1.2.0
- * @license https://opensource.org/licenses/mit-license.php MIT License
+ * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
+ * @link https://cakephp.org CakePHP(tm) Project
+ * @package Cake.Network
+ * @since CakePHP(tm) v 1.2.0
+ * @license https://opensource.org/licenses/mit-license.php MIT License
 */
 App::uses('Validation', 'Utility');
@@ -23,7 +23,7 @@ App::uses('Validation', 'Utility');
 *
 * Core base class for network communication.
 *
- * @package Cake.Network
+ * @package Cake.Network
 */
 class CakeSocket {
@@ -139,7 +139,9 @@ class CakeSocket {
 'tlsv1_1_client' => 'STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT',
 'tlsv1_2_client' => 'STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT',
 'tlsv1_1_server' => 'STREAM_CRYPTO_METHOD_TLSv1_1_SERVER',
- 'tlsv1_2_server' => 'STREAM_CRYPTO_METHOD_TLSv1_2_SERVER'
+ 'tlsv1_2_server' => 'STREAM_CRYPTO_METHOD_TLSv1_2_SERVER',
+ 'tlsv1_3_server' => 'STREAM_CRYPTO_METHOD_TLSv1_3_SERVER',
+ 'tlsv1_3_client' => 'STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT'
 );
 foreach ($conditionalCrypto as $key => $const) {
 if (defined($const)) {
@@ -154,6 +156,18 @@ class CakeSocket {
 if (isset($this->_encryptMethods['tlsv1_2_server'])) {
 $this->_encryptMethods['tls_server'] = STREAM_CRYPTO_METHOD_TLS_SERVER | STREAM_CRYPTO_METHOD_TLSv1_1_SERVER | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER;
 }
+ if (isset($this->_encryptMethods['tlsv1_3_client'])) {
+ $this->_encryptMethods['tls_client'] = STREAM_CRYPTO_METHOD_TLS_CLIENT |
+ STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT |
+ STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT |
+ STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
+ }
+ if (isset($this->_encryptMethods['tlsv1_3_server'])) {
+ $this->_encryptMethods['tls_server'] = STREAM_CRYPTO_METHOD_TLS_SERVER |
+ STREAM_CRYPTO_METHOD_TLSv1_1_SERVER |
+ STREAM_CRYPTO_METHOD_TLSv1_2_SERVER |
+ STREAM_CRYPTO_METHOD_TLSv1_3_SERVER;
+ }
 // @codingStandardsIgnoreEnd
 }
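Review bot: The rebuilt `tls_client` and `tls_server` masks in the two new `if` blocks still OR in the generic `STREAM_CRYPTO_METHOD_TLS_CLIENT` / `STREAM_CRYPTO_METHOD_TLS_SERVER` and the TLSv1_1 flags, so a caller that asks for the generic `tls` method continues to accept legacy protocol versions (what the generic constant covers depends on the PHP version); adding 1.3 widens the ceiling but does not raise the floor. If that is kept for compatibility, it should be stated next to the blocks, for example `// 'tls_*' accepts every TLS version PHP exposes, including legacy ones; use the 'tlsv1_2_*' or 'tlsv1_3_*' keys to pin a version.` The new blocks also repeat the 1.2 masks and are only correct because they run after the 1.2 blocks; assuming those have already set the mask, `$this->_encryptMethods['tls_client'] |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;` and the server equivalent would say the same thing without the duplication. The enclosing method starts and ends outside the hunk, and the diffstat shows no test covering the new `tlsv1_3_*` keys.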